• When opening the VM web console in VMware Cloud Director (VCD) it gets immediately disconnected 
• When you try to view the web console for a VM it says "Disconnected, Retry".
• In the /opt/vmware/vcloud-director/logs/console-proxy.log, you have entries as below:
  
  YYYY-MM-DD TIME | ERROR    | pool-jetty-452519         | ServerWebSocket                | Connecting to ESX esxi.exampl.com [server: [L=/##.##.##.##:443 R=/##.##.##.##:57424]] [client: [id: 0xbd9c6d44, L:/##.##.##.##:53232 ! R:esxi.exampl.com/##.##.##.##:443]] |io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
.....
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

VMware Cloud Director 10.x

This matter will occur if the ESXi certificates are not trusted in VMware Cloud Director.

If ESXi host certificates were recently renewed or expired it would trigger the issue.

Establish the trust for each ESXi hosts reported in the error in /opt/vmware/vcloud-director/logs/console-proxy.log following the documentation Test the Connection to a Remote Server and Establish a Trust Relationship